In a separate indictment, Rashid Abdulai, was charged for much of the same, but with his key role being controlling five TD Bank accounts that were used to launder funds.

The primary victim in this case seems to be "Company A", a real estate company in Memphis, who is foolishly identified in the indictment through the carelessness of the author. I've chosen to redact myself on that, but DAMN! When you describe the company in such a way that there is exactly one such company on planet earth, you are failing to keep the faith of your victim companies. Shame!

Fortunately, the indictment also shares a lot of details on the defendants:

RASHID ABDULAI, age 24
a citizen of Ghana, residing in Bronx, New York
controlled at least five TD Bank accounts

How It Worked

Martins, Maxwell, Bernard Okorhi, Victor Okorhi, and/or Miah would get the IP addresses of potentially vulnerable email servers and target them for intrusion. Using US based IP addresses offered through VPN services, they would access a variety of websites, including credit card transaction processors and dating websites. Their role in the conspiracy also included originating the spoofed emails that will be explained later.

Martins, both Okorhis, Maxwell, Miah, Wumpini, Brady, Dean, Ojo, and others would open bank accounts for receiving fraudulently-obtained funds and sending them to other accounts controlled by their co-conspirators.

Because they had control of email accounts at Crye-Leike, they could tell when fund transfers related to real estate sales were scheduled to take place. They would then spoof the email addresses of those involved in the transactions and send instructions causing the financial transfers to be redirected to accounts controlled by members of the conspiracy.

The funds were then laundered in a variety of ways, including using the funds to purchase goods, including construction materials, cell phones, and other electronics, and having those goods shipped to Ghana for use or resale to benefit the members of the conspiracy.

Maxwell, Miah, and both Okorhis created false identities and created dating profiles with false emails to correspond to their false dating profiles. Through these, they lured victims into online romance scams, gold-buying scams, and a variety of advanced fee fraud scams. These romance scam victims would carry out acts on behalf of the conspiracy, including forwarding counterfeit checks, receiving and shipping merchandice, and transferring proceeds via wire, US Mail, ocean freight, and express package delivery services.

Martins, Maxwell, Miah, and both Okorhis also purchased stolen PII, including credit card information, banking information, and IP addresses from underground forums specializing in the sale of such information.

By purchasing cell phones in the United State and activating Voice-over-IP (VOIP) accounts, the US telephone numbers could then be used by the conspirators in Africa, allowing them to appear to be making their calls in the United States.

Some of the activity in this case dates back to 2012, when MIAH was already using fraudulently purchased credit cards and remote desktop protocol (RDP) to make online purchases that appeared to be in the United States. (Hackers compromise US computers and set them up to use RDP so that foreign criminals can use them to originate credit card purchases in places where the credit card was issued. By having, say, a Memphis Tennessee IP address, purchases made by a Memphis Tennessee credit card do not seem as suspicious.)

Specific Acts

Some of their crimes were extremely bold. For example:

"On or about December 13, 2016, MIAH caused construction materials to be purchased with fraudulently obtained funds, and caused a freight container of construction supplies to be sent to him in Ghana." WHAT?!?! That's bold!

The compromise of the email accounts at Company A was in play by June 30, 2016, when $33,495 was wired to the wrong location after a tip received from stolen emails.

In August 2016, OJO opened a new Wells Fargo bank account, after his previous account at Bank of America was shut down due to fraud. He used ABEGUNDE's new address (presumably in Atlanta, Georgia) as the address for the new account.

He also opened a Wells Fargo account in the same address in October of 2016.

Benard Okorhi sent emails as "Marc.Richards@aol.com" directing C.M. to obtain cash advances from credit cards and send the proceeds to recipients in Ghana. He also ordered C.M. to purchase five iPhones and ship them to Ghana.

Miah used the "DrDenBrown@yahoo.com" email to tell Okorhi (as Marc.Richards) to smooth things out on the phone with a romance scam victim, because Okorhi had a better American accent.

Some of the other interesting "acts" in the conspiracy included:

25JUL2016 - Javier Luis Ramos Alonso accepts a $154,371 wire from Company A into his Wells Fargo account ending in 7688 and then sends the funds to accounts controlled by OJO in Atlanta.

30MAY2017 - Maxwell Peters directs the FBI agent to send $5,000 of the proceeds to himself in Ghana.

02JUN2017 - Maxwell Peters directs the FBI agent to send a $15,000 check to himself in Ghana.

Although the indictment doesn't lay out more of the particular acts, the Press Release says that this group stole more than $15 Million altogether!

Some interesting images

"M.Z." has an interesting Amazon Wish List for a romance scammer involved in shipping electronics:

On December 8, 2017, Abdulai says is asked in one of his WhatsApp chats: "Hope Maxwell case didn't put you into any problem." He responded "FBI came to my house asking me stuff about those transactions that was coming into my account so I'm tryna stay out f this whatapp n stuff for a while cuz I feel like they tracking me."